Cox confirms data breach by hacker posing as support agent

The data breach exposed affected customers' names, addresses, phone numbers, Cox account numbers and more.

Cox Communications has disclosed a data breach resulting in a hacker obtaining customers’ personal information by posing as a support agent.

According to Bleeping Computer, Cox sent customers a letter saying it learned on Oct. 11 that one or more unknown people were posing as a Cox support agent to gain access to customer information. The hacker likely used a social engineering attack to gain access to Cox's internal systems that provided customer information.

The Cox data breach exposed customers' names, addresses, phone numbers, Cox account numbers, email addresses, usernames and PINs. In addition, account security questions and answers and the services customers receive were exposed.

Cox sent us the following statement:

“The safety of the services we provide to customers is a top priority. A recent security incident affected a small number of customer accounts. We promptly launched an investigation, took steps to secure the affected accounts, and implemented additional security controls to further protect their information. We are working with law enforcement and are in the process of informing all affected customers.”

Cox would not say if the breach is impacting the operations of its partners.

A strong security culture is necessary

James McQuiggan of KnowBe4

James McQuiggan is a Security Awareness Advocate at KnowBe4.

“In organizations that maintain databases containing sensitive information about their customers, a strong security culture should be an important part of their environment,” he said. “Cybercriminals will continually attempt to take advantage of the human nature of seeking help and curiosity to gain access to organizations.”

Organizations should educate users to trust and verify who they are talking to based on the phone number stored in the corporate directory, and to initiate a callback when sharing sensitive information or accessing information systems, McQuiggan said.

“It can be an inconvenience and take a few extra minutes, but it can avoid damaging the organization’s brand and a potential loss of revenue,” he said.

Mundane, everyday operations are the root cause of most breaches

Chris Clements of Cerberus Sentinel

Chris Clements is Vice President of Solutions Architecture at Cerberus Sentinel.

“There have been several similar violations that have occurred in recent years due to the compromise of internal support systems, with Twitter being the most notable incident,” he said. “I think this indicates widespread failures to consider all potential threat vectors when developing a comprehensive security strategy. We love to imagine high-profile sexy attacks like the SolarWinds breach a year ago. But the reality is that it is far more common that the mundane day-to-day operations that we become oblivious to are the root of most security incidents.”

For example, the most dangerous things people do on their computers every day are emailing and browsing the web, Clements said. However, because these activities are so routine, people don't feel at increased risk when doing them.

Likewise, an organization's help desk often has wide access to user accounts for troubleshooting and can cause catastrophic damage if compromised by an attacker, he said. “So it’s critical that every organization analyzes potential threat vectors to help desks and other support functions to ensure that an attack cannot easily exploit these avenues.”
